This file seems to be a .NET executable.
Sadly, Manalyzer's analysis techniques were designed for native code, so it's likely that this report won't tell you much.
Sorry!
Architecture
IMAGE_FILE_MACHINE_I386
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date
2019-Apr-27 20:56:12
Comments
CompanyName
FileDescription
TokenBuster
FileVersion
1.0.0.0
InternalName
TokenBuster.exe
LegalCopyright
Copyright © 2019
LegalTrademarks
OriginalFilename
TokenBuster.exe
ProductName
TokenBuster
ProductVersion
1.0.0.0
Assembly Version
1.0.0.0
Info
Matching compiler(s):
Microsoft Visual C# v7.0 / Basic .NET
Malicious
VirusTotal score: 36/68 (Scanned on 2021-05-02 05:40:19)
MicroWorld-eScan:
Trojan.GenericKD.43202029
ALYac:
Trojan.GenericKD.43202029
Malwarebytes:
Malware.AI.4210327017
VIPRE:
Trojan.Win32.Generic!BT
Sangfor:
Trojan.Win32.Save.a
K7AntiVirus:
Riskware ( 0040eff71 )
Alibaba:
Trojan:Win32/CryptInject.447026bb
K7GW:
Riskware ( 0040eff71 )
Cybereason:
malicious.b5c997
Cyren:
W32/Trojan.ACOI-0556
Symantec:
Trojan.Gen.MBT
APEX:
Malicious
Paloalto:
generic.ml
BitDefender:
Trojan.GenericKD.43202029
Ad-Aware:
Trojan.GenericKD.43202029
Sophos:
ML/PE-A
MaxSecure:
Trojan.Malware.74501972.susgen
FireEye:
Generic.mg.0ae65a6b5c9977ad
Emsisoft:
Trojan.GenericKD.43202029 (B)
SentinelOne:
Static AI - Malicious PE
GData:
Trojan.GenericKD.43202029
Webroot:
W32.Trojan.Gen
Gridinsoft:
Trojan.Win32.Agent.dg
Arcabit:
Trojan.Generic.D29335ED
AegisLab:
Trojan.Win32.Malicious.4!c
Microsoft:
VirTool:MSIL/CryptInject
Cynet:
Malicious (score: 100)
McAfee:
Artemis!0AE65A6B5C99
Cylance:
Unsafe
TrendMicro-HouseCall:
TROJ_GEN.R002H09K520
Rising:
Trojan.Zpevdo!8.F912 (CLOUD)
Ikarus:
Virus.MSIL.CryptInject
eGambit:
Unsafe.AI_Score_98%
BitDefenderTheta:
Gen:NN.ZemsilF.34686.Vo0@aWy0dDm
Panda:
Trj/GdSda.A
CrowdStrike:
win/malicious_confidence_90% (W)
MD5
0ae65a6b5c9977ad6748592296e07ce7
SHA1
dc9300421669951b5dde0dda71764625321b41e1
SHA256
1acf240cb3b4348fe16606f3a9bc9df027cb9b6cd614da9f8c6f39277e586076
SHA3
29c43e63e8c86d0a32e0ae4b205284216cf99ae9e4275f0f7aad530bf92f924a
SSDeep
49152:P4eFvPZhjxQbKPEUloUdjc3wI59Vi3P7AKQQwrrNiJkAqhxBBaP7XbyvDM8X86:DFnfKKsUqIKZi/8K7KQkAqhxBgP7Xba
Imports Hash
f34d5f2d4577ed6d9ceec516c1f5a744
e_magic
MZ
e_cblp
0x90
e_cp
0x3
e_crlc
0
e_cparhdr
0x4
e_minalloc
0
e_maxalloc
0xffff
e_ss
0
e_sp
0xb8
e_csum
0
e_ip
0
e_cs
0
e_ovno
0
e_oemid
0
e_oeminfo
0
e_lfanew
0x80
Signature
PE
Machine
IMAGE_FILE_MACHINE_I386
NumberofSections
3
TimeDateStamp
2019-Apr-27 20:56:12
PointerToSymbolTable
0
NumberOfSymbols
0
SizeOfOptionalHeader
0xe0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Magic
PE32
LinkerVersion
11.0
SizeOfCode
0x292000
SizeOfInitializedData
0x2ca00
SizeOfUninitializedData
0
AddressOfEntryPoint
0x00293DFE (Section: .text)
BaseOfCode
0x2000
BaseOfData
0x294000
ImageBase
0x400000
SectionAlignment
0x2000
FileAlignment
0x200
OperatingSystemVersion
4.0
ImageVersion
0.0
SubsystemVersion
4.0
Win32VersionValue
0
SizeOfImage
0x2c4000
SizeOfHeaders
0x200
Checksum
0
Subsystem
IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve
0x100000
SizeofStackCommit
0x1000
SizeofHeapReserve
0x100000
SizeofHeapCommit
0x1000
LoaderFlags
0
NumberOfRvaAndSizes
16
MD5
677645bf4ec16fd348a1f2692b165535
SHA1
92346414741d30441185504b534c88012ca758e1
SHA256
81a5def567b84a91a67268e0a44f829d7a243b64aefce3d39044209ee14bf616
SHA3
b199d3b985e4bcbbd71082ae2bbfdbe947c15a413315e65a940bb238db46f22d
VirtualSize
0x291e04
VirtualAddress
0x2000
SizeOfRawData
0x292000
PointerToRawData
0x200
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy
7.9997
MD5
95335cf8ce0b3d7fce8942c1c333b5f7
SHA1
04287ac31395ce810f11a1e715f214ee4e02a1c2
SHA256
ebafc44151c60b8c348e847655022f6faf19c97d9f34fd971058ef4c7ea28f17
SHA3
a94eb5b018fb9994afd21055c1ee3bffd7b7cf2e0f813a3ee20941265b3debff
VirtualSize
0x2c7c8
VirtualAddress
0x294000
SizeOfRawData
0x2c800
PointerToRawData
0x292200
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy
4.6126
MD5
fa27cdce4dca9fe28ffd39b5cdf2e2bf
SHA1
ec4bffc1e4b91d36c8ec62e04e9936bdb4c7e6d7
SHA256
fe8a64fdfb61bfe4ac39c484979bf286785ced11bdc26aab5688b72f7f26fae5
SHA3
5b9a94a23f7909373d4b05c45edff702d9d2157d5bc666011297358c1cc83d6d
VirtualSize
0xc
VirtualAddress
0x2c2000
SizeOfRawData
0x200
PointerToRawData
0x2bea00
PointerToRelocations
0
PointerToLineNumbers
0
NumberOfLineNumbers
0
NumberOfRelocations
0
Characteristics
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy
0.0815394
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x47bb
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
7.96774
Detected Filetype
PNG graphic file
MD5
34e4c28a91e12fea9fb2ffc0ca5a609d
SHA1
fac1ca68e8c18d305fee81ebe010ca13e0abb372
SHA256
7e57c97aaf6499cb85503b2e41ee106e5793595f07560daba9dfd80c67fe12ac
SHA3
addc63a76c9965c4524daadb0ae82b86bfbfe82224144697227e612c20739d01
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x10828
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.13533
MD5
952b160c03c0fc9c92cd486d1ed173c5
SHA1
d2c51910c994d43d8d7825f111c4be0249c86fd8
SHA256
3e720dadad55dc3b5a5eb5e6a402864e03793d20afa9a8291270f5e4d21e7bd7
SHA3
567e8f3d4ad753e9154da1f589a7546684069874ebcc64c9e860bb506d1caad6
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x94a8
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.89947
MD5
eacbc663fa0f0c9999af3504a91e0345
SHA1
0340cba3e1f01a4a2c5980f2c65dfec2f51431e5
SHA256
96c7a4015d3360f09f4acaa772c266f0e0b1550678c49e7f40e63e7771690619
SHA3
302d2223c3c9a82ee7f9379bdac21baa2f9368ee366b8cf786091924eca8508e
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x5488
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.93578
MD5
26e855a850005afd5804fc19434fccea
SHA1
8d84f5c6f376c81339d198568030672d23e0379c
SHA256
ca2f42b27804843ecf730f491d263b60f0ff9bc07e83cfada011c7733f5ee5f5
SHA3
c854f2394180ecdf18307dcf022a369805914c455c1ecdf2f1eb63ebbefc0f53
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x4228
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.61621
MD5
9158d10b76b312e39584905ff5121b63
SHA1
a0f91dff7f16a7e0af80b25ac38bd6910e42dcc4
SHA256
b489e934c7acc5dcffc22c0fa312ba4c853ff22b207f9d088fa761affdee693d
SHA3
0f0aa103dcdfbc6b1a75d5d018bdffe258726f9e4ee0b023ce177e8e9b877ce1
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x25a8
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
4.45403
MD5
978284b52929af960d01fa2a4a8ffd12
SHA1
2e8fbfd316df51991b9bfc59b0a69eb27d905bed
SHA256
061eda6cd1d5b8aae29ed8a1527967f253050d95260f82e3a2cfbd41fbab7e68
SHA3
8bd9638f77412136a165988d825e9d4f42f2ea61f24b3a2b8e885448142760b3
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x10a8
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
4.67508
MD5
8f90ecfead995be6e5b17d0a7d521edf
SHA1
d13bb23838c7f2c0afd67e19d1ecbf8719f4d587
SHA256
854c92ceefdbdde9bd51afceef1a64e524d5b5edeee7f8ec77b815506b58b7b0
SHA3
74fe027d7d3a6b0e6a9e90cfb666b9b840ccf78fb0c01a817ca98dc5d1015853
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x988
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
5.37166
MD5
c275819a647e809231bc94eefb39d0ae
SHA1
3d4e075fd4f0c0e0819f4e06361ab1f892fd4fea
SHA256
7d80bf510962316554d121a1ed5d26e497fb9840bffa597c38346d142f94f0bf
SHA3
915e034888deb35fbcee75c5e701c24964f8598759657fc82796a0eb0e3e5244
Type
RT_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x468
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
5.6884
MD5
3a07670a34ffee2b221a2c48d1a1add0
SHA1
767b60a88a38997b2bd1bbb2f46f116b0403b909
SHA256
b1fcddd80d92cf3e6bd027f8ba7d4325c74fdeb54de6d623db038f8e862a34ec
SHA3
c89236ef17e8b8b03b3c9dd7169b551eb9f6ef14aa676c9bf666efc5457a48db
Type
RT_GROUP_ICON
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x84
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.03466
Detected Filetype
Icon file
MD5
6e836cbaccf721b4abda85cca4b32b24
SHA1
e4eae7038d72c4fc854f1e0229139fe9223b7c4e
SHA256
1f90791ae3b31ca40429810622c1c35744dd664cbd228112aaad7e7b60baac1e
SHA3
9690c6022666a0a7f73170f98b9dcb5777e86826ac84a3c3adceba0582364ae6
Type
RT_VERSION
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x32c
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
3.28414
MD5
c23c2657a3024d30cee9c05af62589a6
SHA1
6e1005cae1c3456968c52a384cc6d9da4544ac8c
SHA256
c81ff9e2445ac6c70045e576cb5cee01eadca260d84bd73613d939bcf4c7a723
SHA3
72277ae7ebe04c5a2ba1b6d73a52ba1fefcb4729a7ffa1e960bb880a3f5233bf
Type
RT_MANIFEST
Language
UNKNOWN
Codepage
UNKNOWN
Size
0x1ea
TimeDateStamp
1980-Jan-01 00:00:00
Entropy
5.00112
MD5
b7db84991f23a680df8e95af8946f9c9
SHA1
cac699787884fb993ced8d7dc47b7c522c7bc734
SHA256
539dc26a14b6277e87348594ab7d6e932d16aabb18612d77f29fe421a9f1d46a
SHA3
4f72877413d13a67b52b292a8524e2c43a15253c26aaf6b5d0166a65bc615cff
Signature
0xfeef04bd
StructVersion
0x10000
FileVersion
1.0.0.0
ProductVersion
1.0.0.0
FileFlags
(EMPTY)
FileOs
VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType
VFT_APP
Language
UNKNOWN
Comments
CompanyName
FileDescription
TokenBuster
FileVersion (#2)
1.0.0.0
InternalName
TokenBuster.exe
LegalCopyright
Copyright © 2019
LegalTrademarks
OriginalFilename
TokenBuster.exe
ProductName
TokenBuster
ProductVersion (#2)
1.0.0.0
Assembly Version
1.0.0.0